You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by dk...@apache.org on 2020/09/24 02:49:15 UTC
[sling-org-apache-sling-app-cms] branch master updated: Testing
other common cases for the CMS Security Filter
This is an automated email from the ASF dual-hosted git repository.
dklco pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-app-cms.git
The following commit(s) were added to refs/heads/master by this push:
new fde0d09 Testing other common cases for the CMS Security Filter
fde0d09 is described below
commit fde0d090bd412caa67fcecb61aa62dc6c8c704ea
Author: Dan Klco <dk...@apache.org>
AuthorDate: Wed Sep 23 22:49:00 2020 -0400
Testing other common cases for the CMS Security Filter
---
.../internal/filters/CMSSecurityFilterTest.java | 90 ++++++++++++++++++++++
1 file changed, 90 insertions(+)
diff --git a/core/src/test/java/org/apache/sling/cms/core/internal/filters/CMSSecurityFilterTest.java b/core/src/test/java/org/apache/sling/cms/core/internal/filters/CMSSecurityFilterTest.java
index 7edc430..c8c853a 100644
--- a/core/src/test/java/org/apache/sling/cms/core/internal/filters/CMSSecurityFilterTest.java
+++ b/core/src/test/java/org/apache/sling/cms/core/internal/filters/CMSSecurityFilterTest.java
@@ -26,6 +26,8 @@ import javax.jcr.UnsupportedRepositoryOperationException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.cms.PublishableResource;
import org.apache.sling.cms.core.helpers.SlingCMSTestHelper;
import org.apache.sling.cms.publication.PUBLICATION_MODE;
import org.apache.sling.cms.publication.PublicationManagerFactory;
@@ -99,4 +101,92 @@ public class CMSSecurityFilterTest {
securityFilter.doFilter(context.request(), context.response(), Mockito.mock(FilterChain.class));
assertEquals(200, context.response().getStatus());
}
+
+ @Test
+ public void testAllowedPath() throws IOException, ServletException {
+
+ PublicationManagerFactory factory = Mockito.mock(PublicationManagerFactory.class);
+ Mockito.when(factory.getPublicationMode()).thenReturn(PUBLICATION_MODE.STANDALONE);
+ context.registerService(PublicationManagerFactory.class, factory);
+
+ CMSSecurityConfigInstance config = new CMSSecurityConfigInstance();
+ config.activate(new CMSSecurityFilterConfig() {
+
+ @Override
+ public Class<? extends Annotation> annotationType() {
+ return null;
+ }
+
+ @Override
+ public String[] hostDomains() {
+ return new String[] { "cms.apache.org" };
+ }
+
+ @Override
+ public String[] allowedPatterns() {
+ return new String[] { "\\/static\\/.*" };
+ }
+
+ @Override
+ public String group() {
+ return null;
+ }
+
+ });
+ context.registerService(CMSSecurityConfigInstance.class, config);
+
+ securityFilter = context.registerInjectActivateService(new CMSSecurityFilter());
+
+ context.request().setRemoteHost("cms.apache.org");
+ context.request().setServletPath("/static/test1.txt");
+
+ securityFilter.doFilter(context.request(), context.response(), Mockito.mock(FilterChain.class));
+ assertEquals(200, context.response().getStatus());
+ }
+
+ @Test
+ public void testPublished() throws IOException, ServletException {
+
+ PublicationManagerFactory factory = Mockito.mock(PublicationManagerFactory.class);
+ Mockito.when(factory.getPublicationMode()).thenReturn(PUBLICATION_MODE.STANDALONE);
+ context.registerService(PublicationManagerFactory.class, factory);
+
+ CMSSecurityConfigInstance config = new CMSSecurityConfigInstance();
+ config.activate(new CMSSecurityFilterConfig() {
+
+ @Override
+ public Class<? extends Annotation> annotationType() {
+ return null;
+ }
+
+ @Override
+ public String[] hostDomains() {
+ return new String[] { "cms.apache.org" };
+ }
+
+ @Override
+ public String[] allowedPatterns() {
+ return new String[] { "\\/static\\/.*" };
+ }
+
+ @Override
+ public String group() {
+ return null;
+ }
+
+ });
+ context.registerService(CMSSecurityConfigInstance.class, config);
+
+ securityFilter = context.registerInjectActivateService(new CMSSecurityFilter());
+
+ context.request().setRemoteHost("cms.apache.org");
+ context.request().setServletPath("/content/test1.txt");
+
+ PublishableResource published = Mockito.mock(PublishableResource.class);
+ Mockito.when(published.isPublished()).thenReturn(true);
+ context.registerAdapter(Resource.class, PublishableResource.class, published);
+
+ securityFilter.doFilter(context.request(), context.response(), Mockito.mock(FilterChain.class));
+ assertEquals(200, context.response().getStatus());
+ }
}
\ No newline at end of file